How can I failover an intranet connection to the internet

Discussion in 'Cisco' started by lenny, Feb 5, 2005.

  1. lenny

    lenny Guest

    Hi

    I'm a programmer with very limited net design / admin knowledge, so
    forgive me if this question sounds naive.

    We are a small company (10 people) with 2 T1 connections. One T1 gives
    us public internet access through a Cisco 1700 router (there's a
    Watchguard Firebox behind the router for security). The second
    connection is exclusively for access to special purpose data from a
    single data vendor. I believe this line puts us on the vendor's
    intranet (or it may be a point-to-point line). It's not on the public
    internet. The connection on this second line is via a Cisco 1600 doing
    the job of a boundary router (LAN to WAN address translation only). Both
    T1 connections go onto our company Ethernet (one segment for
    everyone).

    The private data source can give us data over the public internet when
    their intranet line fails (which it does occasionally). We fail over to
    the data vendor's public internet in a pretty crude way: Each user of
    the data vendor's intranet connection has a persistent route to the
    intranet set in their (Windows XP) computer. When the intranet goes
    down, we have these users run a batch file that executes the Windows
    "route" utility and substitutes an IP address of our private data
    vendor that's available via the public internet. When the intranet T1
    line comes back, the users execute a second batch file that replaces
    the persistent route in their computers back to the intranet T1.

    I'm wondering whether (and how) I can remove all persistent routes in
    the users' computers and substitute some settings in the two Cisco
    routers so the failover to the public internet and back to the intranet
    happens automagically as the intranet T1 goes down and returns? Is this
    a job that's doable by a programmer or should I look for a by-the-hour
    comms expert to do it?

    Thanks in advance for your advice.

    Lenny
     
    lenny, Feb 5, 2005
    #1

  2. lenny

    PES Guest

    You could remove all persistent routes and add the relevant entries to
    whatever the client points to as a default gateway. You would still
    have to config change it at failover, but only at one place. To make it
    seamlessly fail over would take a lot more discussion about the
    scenario, address translation and route population.

    The only exception to this working would be if the clients point to a
    firewall that will not send and receive the same packet out the same
    port (i.e. PIX).

    --
    -------------------------
    Paul Stewart
    Lexnet Inc.
    Email address is in ROT13
     
    PES, Feb 5, 2005
    #2

  3. lenny

    Guest

    You probably will want to get a qualified Cisco CCIE network engineer
    to assist you with this.

    You would want to see if you can establish a VPN tunnel from your
    Cisco 1700 to the Data Vendor environment. Hopefully this would allow
    you to have the same IP address for the data vendor server, regardless
    of the transport path (i.e. via the 1700 or 1600).

    You would run a dynamic routing protocol between the 1600 and 1700 to
    allow you to know when the data vendor server IP address is not
    reachable via the 1600, then the 1700 could punt it out on the VPN
    tunnel.

    You could implement HSRP between the Cisco 1700 and the Cisco 1600, so
    that the users' machines would not have to have any routes other than
    default to the HSRP address for any destination other than your local
     
    , Feb 5, 2005
    #3
  4. lenny

    Guest

    If you wish to discuss further send me private email to
    ""
     
    , Feb 5, 2005
    #4
  5. lenny

    SysAdm Guest

    Depending on how "smart" you want this setup, it could either be done with
    HSRP and interface tracking (that would give you the failover, but wouldn't
    give you dynamic routing), or alternatively combine HSRP and a dynamic
    routing protocol to give you full manipulation of your traffic path.

    SysAdm
     
    SysAdm, Feb 6, 2005
    #5
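
Added example, not part of the thread and not any poster's own configuration: an IOS configuration for the "HSRP and interface tracking" option from post #5. The addresses, interface names, group number and key placeholder are assumptions; it covers gateway failover only, so the vendor still has to be reachable at the same address over the Internet path (for instance through the VPN suggested in post #3).

```cisco
! Assumed LAN: 192.168.1.0/24, with both routers and all clients on the
! one Ethernet segment described in post #1. Clients use 192.168.1.1
! (the HSRP virtual address) as their only gateway, with no persistent
! routes on the PCs.
!
! Cisco 1600 (vendor intranet T1): preferred gateway while its T1 is up
interface Ethernet0
 ip address 192.168.1.2 255.255.255.0
 standby 1 ip 192.168.1.1
 standby 1 priority 110
 standby 1 preempt
 ! Authenticate HSRP hellos so another host on the segment cannot claim
 ! the virtual gateway. MD5 needs an IOS release that supports it; older
 ! releases only accept a plain-text string here.
 standby 1 authentication md5 key-string <shared-secret-placeholder>
 ! If Serial0 (assumed name of the intranet T1 interface) goes down,
 ! priority drops 110 - 20 = 90, below the 1700's 100.
 standby 1 track Serial0 20
!
! Cisco 1700 (public Internet T1): takes over at priority 100
interface FastEthernet0
 ip address 192.168.1.3 255.255.255.0
 standby 1 ip 192.168.1.1
 standby 1 priority 100
 standby 1 preempt
 standby 1 authentication md5 key-string <shared-secret-placeholder>
!
! Limits of this configuration:
! - Tracking watches only the local Serial0 line state. A failure
!   further inside the vendor's network does not trigger failover.
! - While the 1600 is active it receives all client traffic, so it needs
!   its own route toward the Internet path for non-vendor destinations.
! - With "preempt" on both sides, the 1600 reclaims the virtual address
!   when Serial0 returns and its priority goes back to 110.
```

`show standby brief` on either router shows which one currently holds the virtual address, which is the first thing to check during the failure testing mentioned in post #8.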
  6. lenny

    Ben Guest

    One has to ask, is the direct privately addressed connection necessary
    at all? There is no real security benefit if data can be routed via the
    internet anyway.

    Since redundancy appears to be a requirement, perhaps both sites having
    a 2nd internet connection would be a cleaner solution. This combined
    with an encrypted vpn for secure data transfer would give you the
    security and availability required.

    If both internet connections terminated on the same router at each end,
    failing over if one link died would be trivial to set up. The vpn would
    be more complex and require some expertise.

    cheers,

    Ben


    Ben, Feb 7, 2005
    #6
  7. lenny

    lenny Guest

    Contributors:

    Thanks for your replies. I can see from the content of the replies that
    it would take me a long time (and as a programmer, time not well
    spent) to learn enough to configure an HSRP setup (with or without
    dynamic routing).

    Looks like my best bet is to use a by-the-hour (or by-the-job)
    expert. I'm guessing that someone familiar with this could implement it
    in just a couple of hours. These replies give me an idea of what to
    ask a prospective consultant.

    Do you think it would be best to have someone physically present at our
    site, or could this all be done remotely? (I could temporarily wire the
    console port of the Cisco 1600 router to a dial modem, for the intranet
    router's configuration, if need be).
     
    lenny, Feb 7, 2005
    #7
  8. lenny

    Guest

    The design and configuration preparation could be done by someone
    offsite.

    You also need to have a thorough failure testing plan prepared. That
    plan should include the physical failure of each router. This testing
    is probably best done on site.
     
    , Feb 7, 2005
    #8